Fri Sep 26 13:54:28 2014 UTC ()
Update to 1.3.2 for a security fix:

We've just released Go version 1.3.2, a minor point release.

This release includes bug fixes to cgo and the crypto/tls package.
    https://golang.org/doc/devel/release.html#go1.3.minor

The crpyto/tls fix addresses a security bug that affects programs
that use crypto/tls to implement a TLS server from Go 1.1 onwards.
If the server enables TLS client authentication using certificates
(this is rare) and explicitly sets SessionTicketsDisabled to true
in the tls.Config, then a malicious client can falsely assert
ownership of any client certificate it wishes. This issue was
discovered internally and there is no evidence of exploitation.


(wiz)
diff -r1.17 -r1.18 pkgsrc/lang/go/Makefile
diff -r1.11 -r1.12 pkgsrc/lang/go/PLIST
diff -r1.12 -r1.13 pkgsrc/lang/go/distinfo
cvs diff -r1.17 -r1.18 pkgsrc/lang/go/Makefile (expand / switch to context diff)
--- pkgsrc/lang/go/Makefile 2014/08/17 15:17:42 1.17
+++ pkgsrc/lang/go/Makefile 2014/09/26 13:54:28 1.18
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.17 2014/08/17 15:17:42 wiz Exp $
+# $NetBSD: Makefile,v 1.18 2014/09/26 13:54:28 wiz Exp $
 
-VERSION=	1.3.1
+VERSION=	1.3.2
 DISTNAME=	go${VERSION}.src
 PKGNAME=	go-${VERSION}
 CATEGORIES=	lang
cvs diff -r1.11 -r1.12 pkgsrc/lang/go/Attic/PLIST (expand / switch to context diff)
--- pkgsrc/lang/go/Attic/PLIST 2014/08/17 15:17:42 1.11
+++ pkgsrc/lang/go/Attic/PLIST 2014/09/26 13:54:28 1.12
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2014/08/17 15:17:42 wiz Exp $
+@comment $NetBSD: PLIST,v 1.12 2014/09/26 13:54:28 wiz Exp $
 bin/go
 bin/gofmt
 go/AUTHORS
@@ -286,6 +286,7 @@
 go/misc/cgo/test/issue7665.go
 go/misc/cgo/test/issue7695_test.go
 go/misc/cgo/test/issue7786.go
+go/misc/cgo/test/issue7978.go
 go/misc/cgo/test/issue8148.go
 go/misc/cgo/test/issue8331.h
 go/misc/cgo/test/issue8331a.go
@@ -1350,11 +1351,13 @@
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-IssueTicket
+go/src/pkg/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-3DES
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-RC4
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-Resume
+go/src/pkg/crypto/tls/testdata/Server-TLSv12-ResumeDisabled
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-SNI
 go/src/pkg/crypto/tls/ticket.go
 go/src/pkg/crypto/tls/tls.go
cvs diff -r1.12 -r1.13 pkgsrc/lang/go/Attic/distinfo (expand / switch to context diff)
--- pkgsrc/lang/go/Attic/distinfo 2014/08/17 15:17:42 1.12
+++ pkgsrc/lang/go/Attic/distinfo 2014/09/26 13:54:28 1.13
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.12 2014/08/17 15:17:42 wiz Exp $
+$NetBSD: distinfo,v 1.13 2014/09/26 13:54:28 wiz Exp $
 
-SHA1 (go1.3.1.src.tar.gz) = bc296c9c305bacfbd7bff9e1b54f6f66ae421e6e
-RMD160 (go1.3.1.src.tar.gz) = f5b15f441075f3541ee4bacebf55c88ccdb7ed8c
-Size (go1.3.1.src.tar.gz) = 10047964 bytes
+SHA1 (go1.3.2.src.tar.gz) = 67d3a692588c259f9fe9dca5b80109e5b99271df
+RMD160 (go1.3.2.src.tar.gz) = d81642869b9f044f98f8386ee936a5872763c4cf
+Size (go1.3.2.src.tar.gz) = 10049331 bytes
 SHA1 (patch-src_cmd_go_build.go) = 1ac7a9d77e8061b0f1184ebe59c7600f61da61e2